
Re: Using PsSetCreateProcessNotifyRoutineEx

As far as I know, PsSetCreateProcessNotifyRoutineEx() is a kernel function to be called from a driver and not from a user process.

All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!


Re: Using PsSetCreateProcessNotifyRoutineEx

Originally Posted by mesajflaviu

"To get started, be sure you have Microsoft Visual Studio 2015". Is it mandatory? Can I not create a driver project in VS2008?

Yes, you probably can. The IDE menus, descriptions etc will likely be different though and the instructions may need to be modified to suit the older VS version. At some point Microsoft changed their underlying driver methodology - and I can't remember when. If it was after VS2008 then the instructions may not work and you'll need to search for how to do it with the older methodology.

Why not take this opportunity to upgrade to VS2017? VS2008 is 10 years old and there have been massive changes to c++ since then.


Re: Using PsSetCreateProcessNotifyRoutineEx

"Why not take this opportunity to upgrade to VS2017? VS2008 is 10 years old and there have been massive changes to c++ since then." I have a library inside my project that gives an error if it is compiled with VS2017.

Re: Using PsSetCreateProcessNotifyRoutineEx

Originally Posted by mesajflaviu

"Why not take this opportunity to upgrade to VS2017? VS2008 is 10 years old and there have been massive changes to c++ since then." I have a library inside my project that gives an error if it is compiled with VS2017.

That is possible - because of the many, many changes to the c++ language since c++98 (which VS2008 uses). Some accepted c++ syntax in VS2008 is no longer valid. When we moved to c++11 (VS2013 then VS2015) we had many issues with code that previously compiled OK that no longer compiled. We had to go through all the code and change it so that it compiled - which was quite time consuming but fairly painless as the problems were usually easily spotted.


Re: Using PsSetCreateProcessNotifyRoutineEx

Originally Posted by mesajflaviu

From what I have read, if I want to prevent the process creation, I should step down to the driver level ... so, I come back to the first post ...

No, you don't. A user-space app has no control over foreign process creation. You get to kernel level to have one. This is what all anti-virus software does with no exception. This is a very basic Windows security concept, and you have no option to circumvent that.

Originally Posted by mesajflaviu

"To get started, be sure you have Microsoft Visual Studio 2015". Is it mandatory? Can I not create a driver project in VS2008?

No, you cannot. Historically, Visual Studio was intended to target user-space binary creation only, and kernel drivers belonged with DDK. DDK always was a development environment on its own, with a distinct development culture having nothing in common with VS, hence the errors you've got. And it seems MS gave up a few years ago. Sissies...
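
Added example, not code from any post in this thread: a minimal driver sketch of the kernel-level approach discussed above, registering a callback with PsSetCreateProcessNotifyRoutineEx() and vetoing a creation by setting CreationStatus. The image name `blocked-example.exe` and the helper `image_is_blocked` are hypothetical; the driver part assumes a WDK build, where `/kernel` defines `_KERNEL_MODE`, so the name-matching policy can also be compiled and tested in user mode.

```c
#include <stddef.h>
#ifdef _KERNEL_MODE
#include <ntddk.h>
#endif

/* Fold ASCII A-Z to lower case; other UTF-16 units pass through unchanged. */
static unsigned short fold(unsigned short c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned short)(c + 32) : c;
}

/* Policy (hypothetical helper): 1 if the counted UTF-16 path ends with
   "\" + name, compared ASCII case-insensitively; 0 otherwise. */
int image_is_blocked(const unsigned short *path, size_t path_bytes, const char *name)
{
    size_t n = path_bytes / sizeof(unsigned short), k = 0, i;
    if (path == NULL || name == NULL) return 0;
    while (name[k] != '\0') k++;
    if (k == 0 || n < k + 1 || path[n - k - 1] != '\\') return 0;
    for (i = 0; i < k; i++)
        if (fold(path[n - k + i]) != fold((unsigned char)name[i])) return 0;
    return 1;
}

#ifdef _KERNEL_MODE
static VOID OnProcessNotify(PEPROCESS Process, HANDLE Pid, PPS_CREATE_NOTIFY_INFO Info)
{
    UNREFERENCED_PARAMETER(Process);
    UNREFERENCED_PARAMETER(Pid);
    /* Info is NULL when a process exits; ImageFileName may be NULL too. */
    if (Info == NULL || Info->ImageFileName == NULL) return;
    if (image_is_blocked(Info->ImageFileName->Buffer, Info->ImageFileName->Length,
                         "blocked-example.exe"))
        Info->CreationStatus = STATUS_ACCESS_DENIED; /* veto the creation */
}

static VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    PsSetCreateProcessNotifyRoutineEx(OnProcessNotify, TRUE); /* TRUE = remove */
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DriverObject->DriverUnload = DriverUnload;
    return PsSetCreateProcessNotifyRoutineEx(OnProcessNotify, FALSE);
}
#endif
```

The driver image must be linked with `/INTEGRITYCHECK`, otherwise the registration call returns STATUS_ACCESS_DENIED.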